
SMA: SQL injection in Sunny Central UP

VDE-2024-074
Last update
14.05.2025 14:28
Published at
27.11.2024 10:00
Vendor(s)
SMA Solar Technology AG
External ID
VDE-2024-074
CSAF Document

Summary

A security researcher discovered an authenticated SQL injection (requiring administration privileges) in the administration panel of the affected products that allows access to a database. The accessible database is a log database in which measurement data are stored for graphical representation.

Impact

An authenticated user can read and write an internal SQL database containing measurement data that are used only for graphical representation in the UI.

Affected Product(s)

Model no. | Product name | Affected versions
SC 1760-US | SC 1760-US | Firmware <10.01.18.R
SC 1850-US | SC 1850-US | Firmware <10.01.18.R
SC 2000 EV-US | SC 2000 EV-US | Firmware <10.01.18.R
SC 2000-US | SC 2000-US | Firmware <10.01.18.R
SC 2200-US | SC 2200-US | Firmware <10.01.18.R
SC 2500 EV-US | SC 2500 EV-US | Firmware <10.01.18.R
SC 2660 UP | SC 2660 UP | Firmware <10.01.18.R
SC 2660 UP-US | SC 2660 UP-US | Firmware <10.01.18.R
SC 2750 EV-US | SC 2750 EV-US | Firmware <10.01.18.R
SC 2750 UP-US | SC 2750 UP-US | Firmware <10.01.18.R
SC 2800 UP | SC 2800 UP | Firmware <10.01.18.R
SC 2800 UP-US | SC 2800 UP-US | Firmware <10.01.18.R
SC 2930 UP | SC 2930 UP | Firmware <10.01.18.R
SC 2930 UP-US | SC 2930 UP-US | Firmware <10.01.18.R
SC 3060 UP | SC 3060 UP | Firmware <10.01.18.R
SC 3060 UP-US | SC 3060 UP-US | Firmware <10.01.18.R
SC 4000 UP | SC 4000 UP | Firmware <10.01.18.R
SC 4000 UP-US | SC 4000 UP-US | Firmware <10.01.18.R
SC 4200 UP | SC 4200 UP | Firmware <10.01.18.R
SC 4200 UP-US | SC 4200 UP-US | Firmware <10.01.18.R
SC 4400 UP | SC 4400 UP | Firmware <10.01.18.R
SC 4400 UP-JP | SC 4400 UP-JP | Firmware <10.01.18.R
SC 4400 UP-US | SC 4400 UP-US | Firmware <10.01.18.R
SC 4600 UP | SC 4600 UP | Firmware <10.01.18.R
SC 4600 UP-US | SC 4600 UP-US | Firmware <10.01.18.R
SC-2200-10 | SC-2200-10 | Firmware <10.01.18.R
SC-2475-10 | SC-2475-10 | Firmware <10.01.18.R
SCS 2300 UP-XT | SCS 2300 UP-XT | Firmware <10.01.18.R
SCS 2300 UP-XT-US | SCS 2300 UP-XT-US | Firmware <10.01.18.R
SCS 2400 UP-XT | SCS 2400 UP-XT | Firmware <10.01.18.R
SCS 2400 UP-XT-US | SCS 2400 UP-XT-US | Firmware <10.01.18.R
SCS 2530 UP-XT | SCS 2530 UP-XT | Firmware <10.01.18.R
SCS 2530 UP-XT-US | SCS 2530 UP-XT-US | Firmware <10.01.18.R
SCS 2630 UP-XT | SCS 2630 UP-XT | Firmware <10.01.18.R
SCS 2630 UP-XT-US | SCS 2630 UP-XT-US | Firmware <10.01.18.R
SCS 3450 UP | SCS 3450 UP | Firmware <10.01.18.R
SCS 3450 UP-US | SCS 3450 UP-US | Firmware <10.01.18.R
SCS 3450 UP-XT | SCS 3450 UP-XT | Firmware <10.01.18.R
SCS 3450 UP-XT-JP | SCS 3450 UP-XT-JP | Firmware <10.01.18.R
SCS 3450 UP-XT-US | SCS 3450 UP-XT-US | Firmware <10.01.18.R
SCS 3600 UP | SCS 3600 UP | Firmware <10.01.18.R
SCS 3600 UP-US | SCS 3600 UP-US | Firmware <10.01.18.R
SCS 3600 UP-XT | SCS 3600 UP-XT | Firmware <10.01.18.R
SCS 3600 UP-XT-US | SCS 3600 UP-XT-US | Firmware <10.01.18.R
SCS 3800 UP | SCS 3800 UP | Firmware <10.01.18.R
SCS 3800 UP-US | SCS 3800 UP-US | Firmware <10.01.18.R
SCS 3800 UP-XT | SCS 3800 UP-XT | Firmware <10.01.18.R
SCS 3800 UP-XT-US | SCS 3800 UP-XT-US | Firmware <10.01.18.R
SCS 3950 UP | SCS 3950 UP | Firmware <10.01.18.R
SCS 3950 UP-US | SCS 3950 UP-US | Firmware <10.01.18.R
SCS 3950 UP-XT | SCS 3950 UP-XT | Firmware <10.01.18.R
SCS 3950 UP-XT-US | SCS 3950 UP-XT-US | Firmware <10.01.18.R
SCS-1900-10 | SCS-1900-10 | Firmware <10.01.18.R
SCS-2200-10 | SCS-2200-10 | Firmware <10.01.18.R
SCS-2475-10 | SCS-2475-10 | Firmware <10.01.18.R
SCS-2900-10 | SCS-2900-10 | Firmware <10.01.18.R

Vulnerabilities


Published
22.09.2025 14:57
Weakness
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') (CWE-89)
Summary

An authenticated attacker with low privileges may use an SQL injection vulnerability in the affected products' administration panel to gain read and write access to a specific log file of the device.
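
As an added illustration of the CWE-89 weakness class named above, and not code from SMA or from this advisory, the following Python contrasts a hypothetical measurement-log query assembled by string concatenation with the same query using a bound parameter. The table name, column names and sample rows are constructed for the example; nothing here reflects the product's actual schema.

```python
"""Added example (not SMA's code): CWE-89 in a measurement-log query.

A hypothetical administration-panel handler looks up rows for one device.
The first variant splices the device name into SQL text; the second binds it
as a parameter so the database never interprets it as SQL.
"""
import sqlite3

# Constructed sample data for a hypothetical measurement-log table.
SAMPLE_ROWS = [
    ("inverter-1", "2024-11-27T10:00:00", 1200.5),
    ("inverter-1", "2024-11-27T10:05:00", 1210.0),
    ("inverter-2", "2024-11-27T10:00:00", 980.2),
]


def open_log_db() -> sqlite3.Connection:
    """Create an in-memory log database with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE measurements (device TEXT, ts TEXT, power_w REAL)"
    )
    # The seed insert itself uses placeholders; only the lookup below differs.
    conn.executemany("INSERT INTO measurements VALUES (?, ?, ?)", SAMPLE_ROWS)
    conn.commit()
    return conn


def query_vulnerable(conn: sqlite3.Connection, device: str) -> list:
    """Weak form: untrusted input becomes part of the SQL statement text.

    Whatever the caller passes as `device` is parsed by the SQL engine, so a
    value containing a quote can change the WHERE clause instead of being
    compared against it. This is the pattern CWE-89 describes.
    """
    sql = (
        "SELECT device, ts, power_w FROM measurements "
        f"WHERE device = '{device}'"
    )
    return conn.execute(sql).fetchall()


def query_parameterised(conn: sqlite3.Connection, device: str) -> list:
    """Hardened form: the value is bound, never concatenated.

    The statement text is fixed at development time; the driver passes the
    value separately, so quotes inside it are just characters in the data.
    """
    sql = "SELECT device, ts, power_w FROM measurements WHERE device = ?"
    return conn.execute(sql, (device,)).fetchall()


def compare(device: str) -> dict:
    """Return row counts from both variants for the same input."""
    conn = open_log_db()
    try:
        return {
            "vulnerable": len(query_vulnerable(conn, device)),
            "parameterised": len(query_parameterised(conn, device)),
        }
    finally:
        conn.close()


if __name__ == "__main__":
    # A normal device name: both variants agree.
    print("inverter-1:", compare("inverter-1"))
    # A constructed input containing a quote: the concatenated form returns
    # rows for every device, the bound form matches nothing.
    print("tainted   :", compare("inverter-1' OR '1'='1"))
```

`compare()` runs both variants against a fresh in-memory database so the result can be read side by side. With `sqlite3`, `execute()` accepts only a single statement, so the concatenated form here shows the read side of the problem; the defensive rule is the same regardless of driver or database: every externally supplied value, including ones from an already authenticated administration session, is bound as a parameter and never spliced into statement text. For detection on a device that cannot yet be updated, the advisory's own mitigation, exporting the raw data as CSV, is the realistic way to compare stored measurements against an expected range.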

References

Mitigation

If you cannot update your system to the latest version and you suspect that this database has been manipulated, you can download the raw data as a CSV file.

Remediation

Update the firmware to at least version 10.01.18.R.

Revision History

Version | Date | Summary
1 | 27.11.2024 10:00 | Initial revision.
2 | 29.11.2024 09:00 | Fixed URL in CSAF reference, removed draft.
3 | 14.05.2025 14:28 | Fix: version space.